On Sep 29, 2009, at 3:50 PM, Gregory Seidman wrote: > I'm trying to write a dissector for a protocol that includes a list of > entries. The entries each have the same set of fields, but there can > be an > arbitrary number of entries in a packet. How do I set things up to > display > the entries? Should I just add a subtree for each packet and add the > same > set of fields to each one? Is there some way to actually express an > array?
You can use a loop that goes over the same code over and over since the fields are the same. I put such a feature in the VNC dissector (http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-vnc.c?view=markup ) and I'm sure there are other dissectors that do this. In the VNC dissector, one place to look is the vnc_rre_encoding() function where it retrieves the number of sub rectangles with this line: num_subrects = tvb_get_ntohl(tvb, *offset); Then proceeds with a for loop: for(i = 1; i <= num_subrects; i++) { Steve ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
